Mikhail Stepankin

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server version 6.0 before U2 VMware ESXi version 6.0 **Description** The issue is related to a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. This is due to the failure to properly handle CRLF sequences, allowing user-supplied data to be added to HTTP response headers without proper processing. As a result, an attacker can control HTTP response headers and bodies, potentially leading to cross-site scripting attacks and attacks on intermediate proxy servers. **Recommendations** For VMware vCenter Server version 6.0 before U2, update to version U2 or later to resolve the issue. For VMware ESXi version 6.0, update to a version that includes the fix for this issue, as no specific version is mentioned as being unaffected. At the moment, there is no information about a newer version that contains a fix for VMware ESXi version 6.0.